The company has claimed that the vulnerabilities allowed system infiltration and the launch of code on the system using the privileges of the user. Problems were caused by errors in the processing of video files in different file formats and codecs. For an attack to successful, a victim has to play a manipulated file that takes advantage of one of the vulnerabilities.
The security flaws resolved by the new release include vulnerabilities to maliciously crafted RTSP URLs and QTVR, AVI, MPEG-2, H.263, Cinepak and QuickTime-encoded movie files.
QuickTime 7.6 is available for Mac OS/X Tiger and Leopard as well as the Vole's Windows XP and Vista. It can be installed via Software Update or from the Apple Downloads page.
See original article on scmagazineuk.com